A

Bye, hello, everyone, let's just wait a couple of minutes.

A

Yeah mother.

B

Hey Brandon.

A

It seems like, I think, you're gonna be having, um, all the agenda items today.

B

Yes, all the items.

A

All right, let's just give a couple of minutes.

A

Good morning, everybody. Hey Brandon, come on. All right, let's wait a couple more minutes. I'll probably start in another two minutes, since Zoom usually gets issues.

A

Um, I put in the link to the meeting doc in the chat. So if you could put in your attendance and the meeting notes, and also, um, it'd be great if we can have one or two scribes to kind of take a few notes.

A

Uh, for those that just joined, we're just waiting a couple more minutes for people to dribble.

A

Thanks, Ray, for volunteering to start.

A

All right, I think we have, um, quite a good number of people. Uh, let's get started. Um, so quick announcement before we jump into the agenda: um, there's KubeCon going on next week, so we will be having this meeting next week, so that will be canceled. Um, other than that, also, that is the Cloud Native Security Day. That's going to be going on on Monday.

A

Emily will be talking about that a bit more in detail later, so I'll leave it to her later. Um, so, let's go through check-ins. Let's see, um, people are checking in. Um, it looks like we don't have any updates, um, outside the agenda items, um, so I guess you can skip right in.

C

I'm sorry, I think I I there's a oh sorry. I just I'm a bit late. So I haven't checked the agenda, but there's.

C

um

C

um

A

Uh, the agenda today is going to be around, um, Cloud Native Security Day.

C

Okay, there was just one thing. I had an update, that's all. Yeah, okay.

A

Yeah, Justin, go ahead.

C

Um, just the, um, Open Policy Agent are applying for graduation, and so they need a security review. So there is a doc on a draft doc, but we need to go secure. You need to go through and, um, review.

C

So review OPA. I know several people have started looking at it.

D

We've assessed it twice, um, you know, at this point. Uh, I think, Justin, the only thing, uh, it needs is the sort of chair sign-off. Um, does it need a write-up?

C

I, I wasn't, I was the only thing, I think, that was it. Justin did, I think, just into the draft right write-up, which was roughly taken from the reviews, but actually there's been a bunch of updates since then, because they implemented a bunch of the stuff that we asked for.

C

So I thought I suggest that um that they should update it with what had changed since then, rather than because it look.

C

I had this problem in a previous one, where it just had a list of recommendations put in the doc, but actually the more interesting thing was which ones had and hadn't been implemented from the dsc point of view, and so some of the, some of the important things we recommended they have implemented, which I think is important, and so I think we should kind of sign off on a version of what's now rather than what's then and say, because it's kind of, it's, it's kind of stronger if they have implemented our recommendations rather than listing what they were six months ago.

C

Absolutely.

D

Justin, did you want to jump in? Cappos?

E

Um, I don't have a problem with that. I was trying to make the process, um, not, not be onerous for anybody involved, and they did provide information along those, those lines.

E

So I did ask the reviewers, especially, but really anybody, to take a look and see, um, you know, what they thought about those changes, um, but when it came time to actually writing the document, I, I did mostly basically just copy and paste from our request before, um, mostly because I, I didn't want to have to go through an extended process to get a new text approved.

C

Yeah, no, I think that's, I think that's fine. I mean, I suggested that they should just maybe add notes about what had been implemented directly there or something like that, and I, I, I saw there was some doc updates earlier, which I haven't had a chance to check, but.

E

I think that's a great suggestion. I'd, I'd be very happy for the comment on those, those points, which they kind of have already done in their document. So it's, I think that'd be, that would be great.

F

Yeah, just a quick update that we've updated the doc with the recommendations that were from last year and what we actually have done, uh, to resolve some of those recommendations. So I think the doc's been updated with those details as well.

C

Excellent, good, good, good, that sounds great. Then I think in that case, um, yeah, then we probably just can go to chair sign-off then.

D

Great.

C

I'll just take a trade, another look at it and see. If I have any more comments, then, since it's been updated, but that's.

D

Great, just, uh, Justin, if you could do that as well, and then, uh, I'll, I'll try to listen later today.

E

Yeah, I, I, I approve, um, whatever I need to do to, to do that. I, yeah, I wrote that thing, so I, I approve it.

G

All right, great.

A

Thank you. All right, thanks, Justin. Um, let's see, I think we don't have anything else, um, for check-ins. Uh, do we have anyone from policy work group or the next big data working group for any.

H

Updates. Uh, I did, sorry, I'm jump in the middle. I did have a something that I wanted to, to bring up, but, uh, uh, I don't even want to go on with a policy working group or.

A

I mean go for it: uh bridges.

H

Okay, so, uh, in-toto is gearing for incubation, and, uh, I know that the security made the recommendation for, uh, incubation earlier on. There was a discussion on Slack saying, uh, yes, this is still the recommendation.

H

Uh, something I just wanted to, uh, to double check is: is there any way or, like, any requirement for the SIG to make a public, uh, like, statement like this somewhere else, more official, maybe, uh, getting another like, or like just reviewing the deck of the original recommendation, or, uh, how can we, uh, get more of it, like, this is the stance that everybody can verify, other than, like, reading the security Slack.

I

Do you have a due diligence doc yet, Santiago? Uh, it.

H

Is, it is being worked with, uh, with Michelle. Uh, I, I could share it. Uh, I don't know, maybe after my meeting with her tomorrow, would that be what you guys would want, like.

D

Yeah, that's, that's so far as how we've, you know, expressed that. Um, you know, we have, uh, in-toto in our README, as, you know, project of interest, uh, to us. Uh, so we capture that kind of in, in our, in our documentation.

D

Um, but, you know, as, as far as like a position statement to the, you know, the rest of the CNCF, the way that we've done that with, um, you know, now, with OPA, uh, Notary, um, and other stuff, is through that due diligence document that, uh, we will formally sign off on and, and say that we recommend. Oh.

H

Perfect, okay, then, uh, I will, uh, just confirm with Michelle and, uh, then I'll send it your way. Uh, should I post it, uh, on the Slack or should I send it to you? Yeah.

D

Drop it into security on Slack and, uh, and ping me. Okay, great.

I

Thank.

D

You thanks.

A

All right, cool. Um, let's see, uh, Robert, anything from policy side?

G

I know we uh didn't have a meeting this week. We have it every other week, so uh the progress report this week but I'll come back next week.

J

Give us.

G

An update sounds good.

A

Um, and, um, Mark, can say anything from your side?

J

Yep, no news here all right: cool.

A

All right, let's jump into what we had, um, the items we had for today. Um, so I will pass this over now to Emily.

B

Hey everyone, um, so as a reminder, Brandon touched on it earlier, but CloudNativeCon KubeCon is next week, and security is kicking off with the co-located virtual event on Monday, August 17th, starting, um, pretty early for Eastern Daylight Time, but around one for Amsterdam time. Uh, Cloud Native Security Day is next week. Um, I'm opening up with opening remarks, should be short and sweet, but we do have a lot of really great presenters. So if you haven't registered yet, um, go online. I believe registration is still open.

B

I think it's 75 for the entire week and then an additional 20 for security day, so, um, lots of great talks, hope to see you all online. Um, so that's what I have for security day. The other thing that I have is the cloud native security white paper working group has been charging forward.

B

We're making really good progress on getting some content generated. I've been reviewing everybody's comments and everybody's input, and so far everything is looking great. I've recently updated the GitHub issue. I believe it's 138, it's linked in the agenda, um, with our new schedule, just time bounding when our, when folks can expect to have certain things completed by or within, so if you're interested in either joining the group, comment on the issue, hit me up in the Slack channel, we'll get you added. Other than that, everything is going really well.

A

Cool, um, and if there's anyone that's kind of, um, wants to jump into the, the white paper now, um, how should they kind of go about it?

B

Um, you, if you're interested in joining the whitepaper group, you can comment on the issue, and I monitor that for updates, or you can hit me up in the Slack channel and I will get you added to the whitepaper channel as well as to the doc with the right permissions.

B

Um, just let me know either through the issue or through Slack.

A

uh Cameron asks whether there's a list of topics. um Maybe we can thank the.

B

Yeah, so the issue, uh, issue number 138 has a complete, uh, high level outline of topics, um, and, if you're looking for more specific information, it's pretty much anything that has to do with the technology underlying cloud native deployments, as well as the life cycle processes associated with doing a cloud native deployment. So everything from software supply chain security all the way through deployment, monitoring, maintenance and upgrades, Kubernetes stack. What does that look like? There, there's a lot of different things in there, so it's a, if you're interested in any of those things or learning more, definitely recommend joining the group.

B

Um, if you're not an expert in any of those fields, that's fine, too. We're looking for people to help also review and just verify the content, make sure that it's making sense, making sure we're on target with our audience and with the scope of the paper. I saw a couple of comments in chat, I'll be reaching out to everybody.

J

We're.

K

Just sending the links.

J

All right, cool. Is there, is probably in the, in the notes here. Is there a link for, uh, paying the 75 bucks and getting in the conference?

B

I am looking for it now. Um, I'll have to post it in the chat. Great.

J

Or you can put it in the, the notes for today, I can look there. Thanks.

A

Yeah, I'm gonna put in this. Uh, this is thing that I found, which is like a register now, um, and I mean, it basically brings you back to the KubeCon registration, but through the registration process, I think they will.

B

Give.

J

You.

B

A bunch.

A

Of things, yeah yeah I'll post that in the meeting.

E

Notes.

A

As well. Okay, um, I think that's all we had, um, for the agenda this week, so.

G

I'll just add my, my pitch again for, uh, volunteers who may want to help with the Cloud Custodian assessment. I'm still looking for additional help on that project.

A

Yeah and I, I suspect that we will.

A

I I'm expecting us to have a lot of new faces, um probably after kubecon, so we could try again. There.

J

Thanks for your help, there.

J

That was Robert asking for help, right? So I put a note in the chat, uh, this is underwood. I'd be interested in trying to sit on some of this. Fantastic, I'll, I'll reach out on Slack. Super, thanks.

A

All right, cool. Uh, anything else? If not, we'll call this meeting, and then we'll see everyone at KubeCon. I'll see you, um, in two weeks. We have, we also have a sec security session that's being done by JJ, and I think it was fuji and Sarah, um, are doing this security session at KubeCon, so drop by if you can as well. Cool, all right, see everyone soon.

J

Thanks, Brandon. Thanks, Brandon, folks, and.

A

Thanks.

J

Guys so.

A

Much for, for subscribing for us, it's really helpful. Thank you.
From YouTube: CNCF SIG Security 2020-08-12
